Platform
php
Component
land-record-system
Fixed in
1.0.1
CVE-2024-13081 is a cross-site scripting (XSS) vulnerability identified in PHPGurukul Land Record System version 1.0. An attacker can exploit this flaw by manipulating the 'Page Description' parameter handled by the /admin/contactus.php file, potentially leading to the execution of attacker-controlled scripts in the context of a user's browser. A patch is available in version 1.0.1.
Successful exploitation of CVE-2024-13081 allows an attacker to inject arbitrary JavaScript code into the Land Record System's web interface. This can lead to various malicious outcomes, including session hijacking, defacement of the administrative panel, and redirection of users to phishing sites. The attacker could potentially steal sensitive data, such as user credentials or land records, depending on the system's configuration and the privileges of the affected user. Given the administrative context of /admin/contactus.php, a successful attack could grant the attacker control over the entire Land Record System.
CVE-2024-13081 has been publicly disclosed, increasing the likelihood of exploitation. While the CVSS score is LOW, the ease of exploitation and potential impact on sensitive data warrant attention. No known active campaigns targeting this vulnerability have been reported as of the publication date. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations utilizing PHPGurukul Land Record System version 1.0, particularly those with publicly accessible administrative interfaces, are at risk. Shared hosting environments where multiple users share the same server instance are also at increased risk, as a compromise of one user's account could potentially lead to the compromise of the entire system.
• wordpress / composer / npm:
grep -r "Page Description" /var/www/html/admin/contactus.php
• generic web:
curl -s -G "http://your-land-record-system.com/admin/contactus.php" --data-urlencode "Page Description=<script>alert('XSS')</script>" | grep -c "<script>alert('XSS')</script>"
Exploit Status
EPSS
0.13% (32nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-13081 is to upgrade to version 1.0.1 of PHPGurukul Land Record System. If upgrading is not immediately feasible, consider implementing input validation and sanitization on the 'Page Description' parameter within the /admin/contactus.php file. This can involve stripping out potentially malicious HTML tags or encoding user-supplied input. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Regularly review and update the system's security configuration to minimize the attack surface. After upgrade, confirm the vulnerability is resolved by attempting to inject a simple XSS payload into the 'Page Description' field and verifying that it is properly sanitized.
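As an added illustration of the mitigation described above (example code, not PHPGurukul's own): the unencoded echo pattern behind a reflected/stored XSS, next to a hardened version that validates the input and encodes it at the point of rendering. The field name 'pagedesc' and the paragraph rendering context are assumptions.

```php
<?php
// Added example, not PHPGurukul's code: the vulnerable echo pattern beside the
// hardened form of the 'Page Description' handling. The field name 'pagedesc'
// and the <p> rendering context are assumptions.
declare(strict_types=1);

// Vulnerable pattern: the stored description is echoed unencoded, so HTML or
// JavaScript saved through the admin form runs in the next admin's browser.
function renderDescriptionUnsafe(string $stored): string
{
    return '<p class="pagedesc">' . $stored . '</p>';
}

// Hardened input handling: enforce a length limit, valid UTF-8 and no control
// characters. This narrows the data but does not replace output encoding.
function validateDescription(string $input): ?string
{
    $input = trim($input);
    if ($input === '' || !mb_check_encoding($input, 'UTF-8')) {
        return null;
    }
    if (mb_strlen($input, 'UTF-8') > 500 || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $input)) {
        return null;
    }
    return $input;
}

// Hardened output: encode for the HTML text context at the point of rendering.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE keeps content on
// a bad byte sequence instead of silently returning an empty string.
function renderDescriptionSafe(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p class="pagedesc">' . $safe . '</p>';
}

// Constructed sample input (not from the advisory): a benign description and
// the probe payload quoted in the advisory text.
$samples = ['Contact the land registry office.', "<script>alert('XSS')</script>"];
foreach ($samples as $s) {
    $v = validateDescription($s);
    echo 'unsafe: ' . renderDescriptionUnsafe($s) . PHP_EOL;
    echo 'safe:   ' . ($v === null ? '[rejected]' : renderDescriptionSafe($v)) . PHP_EOL;
}
```

Run with `php example.php`: the unsafe line reproduces the script tag verbatim, while the safe line shows it as `&lt;script&gt;...&lt;/script&gt;`, which the browser renders as text.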
Update to a patched version or apply the necessary security measures to prevent malicious code from being injected into the 'Page Description' field of the /admin/contactus.php file. Validate and escape user input correctly to prevent XSS attacks. If no patched version is available, consider disabling or removing the vulnerable functionality.
CVE-2024-13081 is a cross-site scripting (XSS) vulnerability affecting PHPGurukul Land Record System version 1.0, allowing attackers to inject malicious scripts via the 'Page Description' parameter of the /admin/contactus.php file.
You are affected if you are using PHPGurukul Land Record System version 1.0. Check your version and upgrade if necessary.
Upgrade to version 1.0.1. As a temporary workaround, implement input validation and sanitization on the 'Page Description' parameter.
While no active campaigns are currently confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to the PHPGurukul website or security mailing lists for the official advisory regarding CVE-2024-13081.